Static code analysis is the analysis of computer software performed without actually executing the software being analyzed. The term is usually applied to the analysis performed by an automated tool. The analyses performed by these tools range from those that only consider the behavior of individual statements and declarations to those that analyze the complete source code of a program. Modern static analysis tools can be integrated into a development environment. Such an integration might, for example, highlight flawed code while it is being typed. Such early feedback aids in improving quality and reducing costs.
One theory of code development is that it is better to fix every flaw as soon as it is detected. While this theory works well for new code, applying it to legacy code can present a problem. Legacy code, in this context, is code that was written before a new rule is applied to it. Typically, such code was not written to the newer rules of programming, and thus static analysis of legacy code can report a huge number of “errors”. Fixing all of these errors may stall development and introduce new risk, as each change bears the risk of introducing new flaws.
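The usual way to apply a new rule without drowning in legacy findings is to record a baseline of the findings that already exist and report only findings that are not in it. The following is an added example, not code from the original text: a minimal static checker that parses (never executes) Python source, fingerprints each finding on its own text rather than its line number, and suppresses everything recorded in the baseline. The flagged-call rule and the sample sources are constructed for this example.

```python
import ast
import hashlib
from collections import Counter

# Constructed sample input: "legacy" code written before the no-eval rule existed,
# and a later edit that adds a new function (with a fresh violation) above it.
LEGACY_SRC = """def load(data):
    return eval(data)
"""
NEW_SRC = """def parse(expr):
    return eval(expr)

def load(data):
    return eval(data)
"""

# Example rule set (an assumption for this example): calls by these names are reported.
FLAGGED_CALLS = {"eval", "exec"}

def find_findings(src):
    """Return (fingerprint, line, message) for each rule violation in src.
    The source is only parsed, never executed, which is what makes the check static."""
    findings, seen = [], Counter()
    for node in ast.walk(ast.parse(src)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in FLAGGED_CALLS):
            continue
        message = f"call to {node.func.id}()"
        # Fingerprint on the call's own text plus an occurrence index, not on the line
        # number, so that inserting lines above a legacy finding does not make it "new".
        key = f"{message}|{ast.get_source_segment(src, node)}"
        seen[key] += 1
        fp = hashlib.sha256(f"{key}|{seen[key]}".encode()).hexdigest()[:12]
        findings.append((fp, node.lineno, message))
    return findings

def make_baseline(src):
    """Record every pre-existing finding so legacy code is not re-reported."""
    return {fp for fp, _, _ in find_findings(src)}

def new_findings(src, baseline):
    """Report only findings whose fingerprint is absent from the baseline."""
    return [f for f in find_findings(src) if f[0] not in baseline]

if __name__ == "__main__":
    baseline = make_baseline(LEGACY_SRC)   # one legacy finding recorded
    for fp, line, msg in new_findings(NEW_SRC, baseline):
        print(f"line {line}: {msg} [{fp}]")  # only the new eval() on line 2 is reported
```

The legacy `eval(data)` moves from line 2 to line 5 in the edited file, yet its fingerprint is unchanged, so only the newly added call is reported; the baseline can then be shrunk over time as legacy findings are fixed.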